KAMIRAN Support

https://www.bleepingcomputer.com/news/security/wallet-ransomware-master-keys-released-on-bleepingcomputer-avast-releases-free-decryptor/ .Wallet Master key is released . We are waiting for ESET Crysis to be updatet with .wallet keys. Also AVAST decryptor is detected By ESET (a variant of Win32/Kryptik.RWE trojan - False Positive ) And it must be Corrected. our Customers want to know When ESET will update crysis decryptor ?

Yes but they want to use ESET Agent to install their certificates and we run it with power shell and certutil , And it works find in local system now .

One of our customers want to install some certificates in all clients or install some programs or update patches and we are trying to do this. They want to solve for example certificates problems in all of 1000 clients , Example : hxxp://support.eset.com/kb6208/ We are testing trying to do this with CMD.

You are right , Run as command can not be used because it will run in session 0.

Yes you are right , I check the prepossesses and it seems that as you said all commands are run by a temp batch file under Local System Account, So we can not see the interface of applications. is there any way to run the command as a user or administrator ?

Hi dears , We have problem with Run Command task and we can not even run calc.exe. we use this : COMMAND LINE TO RUN : calc.exe WORKING DIRECTORY : c:\windows\system32 But nothing will run on client ! Also I create a simple batch file c:\1.bat and try to run it on my clients but it can not be run by "Run Command " why ? I must add this : just the command "Shutdown -r" work find with run command task.

and what about %USERPROFILE% , It can not be added to HIPS rules in future ?

Thank you dear Marcos. We hope that we can use it ASAP.

Hi Dears , We want to deny executing of special applications using %temp% and also for example *.exe. But it seems that it is not working in HIPS , For example we deny explorer.exe from starting new application in %temp%\*.exe , But this will not work ! Also %temp%\win32.exe will not work and it can not be deny. Why we can not use wildcards ? If we can not use wildcards and temp variables how we can block running of exe files form temp folder ? Thank you.